After reading about the latest round of attacks against DoD and other government computers, I started thinking about the defensive, reactive nature of security world. Vendors are consistently on their heels trying to catch up with hackers and crackers. Consumers are consistently running behind vendors trying to deploy security patches, let alone adopt security-based best practices in their own applications. Yes, there are more proactive solutions, especially at the network level, but its safe to say that the computing world has yet to achieve a complete proactive stance when it comes to security.
Being proactive is hard. As a vendor, there is so much you can do to stay head of the curve, making sure that your code is a well behaved as possible. As a consumer, you are beholden to both the vendor-world as well as the particulars of your organization in terms of rolling out patches and new technology.
We, as an industry, have to make sure that there are security functions at every layer of our customer solutions. But more than that, those functions have to be able to act in concert. They have to be able to be monitored and audited in a more holistic manner. I feel that an Identity Metasystem is part and parcel to this. We owe it our customers to create a computing world which is security proactive on its own, freeing the customer to focus on their day to day business.
I was trying to find a way to describe the greater discipline of identity management to a coworker. Because of all the terminology collisions out there, coming up with clear description wasn’t easy. The following is a riff on Plato’s Allegory of a Cave and Kim Cameron’s 4th Law of Identity – Directed Identity.
Consider that you are standing in a large room which represents the world in which your identity can be represented. In front of you are a series of three dimensional figures called targets. These targets come in a variety of shapes and sizes. Behind you are a series of lights. When a light is switched on, it projects your shadow onto one of the targets. These targets are coated with a special substance that locks your shadow onto the surface. Because of the shape and irregularities of the targets, your shadow does not look the same on every target. Furthermore, your shadow looks more like you on some targets than others. These targets are different systems that represent your identity in one way or another. Active Directory is a fairly regular shape, thus your shadow on this target looks a lot like you. I picture the Active Directory target as a convex lens. A biometric system is an irregular shape full of nooks and crannies, thus it’s extremely hard to tell that the shadow is yours. I picture a biometric system target as a spiky blob of some sort. Continue reading "Shadows of Identity"...